FYI, we're seeing enough issues where someone can upload a file with
an executable extension like .php, then access the file to execute
code, that CVE is going to start calling them "Unrestricted file
upload" issues. Heck, it's even consistent with what we call it in
CWE :) Suggestions for other terms welcome... suppose I should ask the
web app security people what they call this...
- Steve